Signing Javascript

electBlake electblake at gmail.com
Sun Nov 30 06:08:39 UTC 2008


So, now I don't get any errors but the neither the "Is the applet  
currently recording:" (which is a great function to expose to  
javascript btw), or the "Click to obtain id" give any errors.

But, they don't return anything either.

I'm thinking this is a big step in the right direction tho :)

Are there any specific instructions other then browsing to: http://rascal.xymbo.com 
  and clicking the links?


On 29-Nov-08, at 10:36 PM, David Makalsky wrote:

> My firebug shows no such issues.  It works solidly across IE7, Firefox
> and Safari from my machine.
>
> Has anyone else tested it out?
>
> Regards,
>
> David
>
> On Fri, Nov 28, 2008 at 4:06 PM, electBlake <electblake at gmail.com>  
> wrote:
>> I went and tested it. My FireBug says that all of the functions are  
>> not
>> found.
>>
>> http://img142.imageshack.us/img142/1380/picture5jq9.png
>>
>> *shrugs*
>>
>> On 28-Nov-08, at 3:21 PM, David Makalsky wrote:
>>
>>> Actually, this is not the way to communicate with an applet.  It's a
>>> means to communicate to a POJO structure.
>>>
>>> I got around the security issue by having my called method simply  
>>> set
>>> a field (jsSignal). I then have a separate thread monitor the field
>>> and act appropriately.  It seems to work now.
>>>
>>> Please try it out at http://rascal.xymbo.com and view source to see
>>> the JS and html.
>>>
>>> Regards,
>>>
>>> David Makalsky
>>>
>>> On Fri, Nov 28, 2008 at 2:22 PM, Peter Rowley <prowley at yorku.ca>  
>>> wrote:
>>>>
>>>> I think you may need to look at material in
>>>>
>>>>
>>>> https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/LiveConnect_Overview/JavaScript_to_Java_Communication 
>>>> #Package_and_Class_Reference
>>>>
>>>> particularly the section concerning the Packages Object
>>>>
>>>> Peter
>>>>
>>>>
>>>>
>>>>
>>>> "David Makalsky" <dmakalsky at gmail.com>
>>>>
>>>> 11/28/08 02:04 PM
>>>>
>>>> To
>>>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>>>> cc
>>>> "Peter Rowley" <prowley at yorku.ca>
>>>> Subject
>>>> Re: Signing Javascript
>>>>
>>>>
>>>>
>>>>
>>>> Hi Peter,
>>>>
>>>> Yes, the applet is signed properly.  When the same functions are
>>>> called from the applet GUI they work fine.
>>>>
>>>> I would like to point out the following line in the stacktrace when
>>>> calling the method from js
>>>>
>>>> sun.plugin.javascript.JSClassLoader.invoke(Unknown
>>>> Source)                 at
>>>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown  
>>>> Source)
>>>>
>>>> I have seen the link you provided, but I was wondering if there was
>>>> any fluid standards to signing JS.  For example, do we use a common
>>>> certificate, etc.
>>>>
>>>> Regards,
>>>>
>>>> David
>>>>
>>>>
>>>>
>>>> On Fri, Nov 28, 2008 at 1:38 PM, Peter Rowley <prowley at yorku.ca>  
>>>> wrote:
>>>>>
>>>>> Hi David,
>>>>>
>>>>> This is pretty informative
>>>>>
>>>>> http://www.mozilla.org/projects/security/components/signed-scripts.html
>>>>>
>>>>> Are you sure the applet is signed properly?
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>>
>>>>> "David Makalsky" <dmakalsky at gmail.com>
>>>>> Sent by: fluid-work-bounces at fluidproject.org
>>>>>
>>>>> 11/28/08 12:51 PM
>>>>>
>>>>> To
>>>>> "Fluid Mailing List" <fluid-work at fluidproject.org>
>>>>> cc
>>>>> Subject
>>>>> Signing Javascript
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> I am running into some issues when I am calling my Java Applet
>>>>> functions from within a JS function.
>>>>>
>>>>> (All Source available at http://rascal.xymbo.com and view source)
>>>>>
>>>>> For example, when I call the following function:
>>>>> function startRecordingApplet(){
>>>>>              document.rascal.startRecording();
>>>>> }
>>>>>
>>>>> it is supposed to call the startRecording() method from within the
>>>>> ScreencastApplet class.
>>>>>
>>>>> I am getting the following stack trace:
>>>>>
>>>>> java.security.PrivilegedActionException:
>>>>> java.lang.reflect.InvocationTargetException
>>>>>              at java.security.AccessController.doPrivileged(Native
>>>>> Method)
>>>>>              at sun.plugin.liveconnect.SecureInvocation 
>>>>> $2.run(Unknown
>>>>> Source)
>>>>>              at java.security.AccessController.doPrivileged(Native
>>>>> Method)
>>>>>              at
>>>>> sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
>>>>> Caused by: java.lang.reflect.InvocationTargetException
>>>>>              at  
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>> Method)
>>>>>              at  
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
>>>>> Source)
>>>>>              at  
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>>>>> Source)
>>>>>              at java.lang.reflect.Method.invoke(Unknown Source)
>>>>>              at sun.plugin.javascript.JSInvoke.invoke(Unknown  
>>>>> Source)
>>>>>              at  
>>>>> sun.reflect.GeneratedMethodAccessor4.invoke(Unknown
>>>>> Source)
>>>>>              at  
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
>>>>> Source)
>>>>>              at java.lang.reflect.Method.invoke(Unknown Source)
>>>>>              at sun.plugin.javascript.JSClassLoader.invoke(Unknown
>>>>> Source)
>>>>>              at
>>>>> sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown  
>>>>> Source)
>>>>>              ... 4 more
>>>>> Caused by: java.security.AccessControlException: access denied
>>>>> (java.util.PropertyPermission user.dir read)
>>>>>              at
>>>>> java.security.AccessControlContext.checkPermission(Unknown Source)
>>>>>              at  
>>>>> java.security.AccessController.checkPermission(Unknown
>>>>> Source)
>>>>>
>>>>>
>>>>> After doing some research online, I have come to the conclusion  
>>>>> that
>>>>> the Javascript which calls Applet functionality which needs the  
>>>>> applet
>>>>> to be signed, itself needs to be signed as well.
>>>>>
>>>>> Do we have a fluid standard for signing javascript?  Does anyone  
>>>>> have
>>>>> any experience signing javascript?
>>>>>
>>>>> Any assistance would be appreciated.
>>>>> --
>>>>> David Makalsky
>>>>> _______________________________________________________
>>>>> fluid-work mailing list - fluid-work at fluidproject.org
>>>>> To unsubscribe, change settings or access archives,
>>>>> see http://fluidproject.org/mailman/listinfo/fluid-work
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> David Makalsky
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> David Makalsky
>>> _______________________________________________________
>>> fluid-work mailing list - fluid-work at fluidproject.org
>>> To unsubscribe, change settings or access archives,
>>> see http://fluidproject.org/mailman/listinfo/fluid-work
>>
>>
>
>
>
> -- 
> David Makalsky




More information about the fluid-work mailing list